
Disk Encryption

Published on April 26, 2012 in Article

Is Disk Encryption What It’s Cracked Up To Be?

Disk encryption was introduced as a solution for simplifying the data encryption requirements that most companies face. Now that we’ve gained a few years of experience, we’ve learned that disk encryption is not an all-encompassing security solution. Here are a few insights as to why.

One of the better-known security standards, PCI DSS, requires that user profile access to the protected data be managed separately from access to the operating system that the data resides on. So, for example, if the data is stored on an MS Windows server, access control to the sensitive data must be managed by an application other than Active Directory. It also requires that the cryptographic keys and the cardholder data be secured wherever they may be stored. For example, if the keys or sensitive data are moved onto removable media such as USB drives, CDs, DVDs, or tape backups, they must still be encrypted. Disk encryption does not encrypt data moved to other devices. To be compliant with PCI DSS requirements, other encryption methods must be implemented besides disk encryption.

Disk encryption is often used to encrypt laptops and mobile devices that need protection while away from the secured internal network. But we must remember that once out on the unsecured public network, data on encrypted disks is not protected from online hackers who, once they have access to the system, have access to all data on that system.

The disk encryption process takes additional forethought and time to implement. Drives must be in good condition with no disk errors. It is recommended that each drive be defragmented before installing the encryption software. Once the time-consuming defragmentation task is completed, the encryption process on the drive will take an additional 2 – 4 hours, depending on the size of the drive. If you are looking at employing this across a large number of laptops in the organization, make sure you have a well-thought-out and tested action plan that takes into account the impact on the users and their systems.

Experience has shown that a more effective alternative to disk encryption for meeting PCI DSS and other similar regulations is to encrypt at the database field level. Although meeting this requirement can mean reprogramming and rebuilding your database structure, there are great third-party tools, such as Linoma Software’s Crypto Complete, which provide the perfect solution to this level of encryption without the need to make programming or database changes.

 

Demystifying Managed File Transfer in the Cloud | Sandhill

Published on March 23, 2012 in Article

Robert Fox of Liaison Technologies put together a concise definition of Managed FTP that helps the rest of us better understand where it fits in the file transfer solutions.

See for yourself at Demystifying Managed File Transfer in the Cloud | Sandhill.

While FTP can be used to send files securely if the file itself is encrypted using something like PGP, a managed file transfer solution provides a solution for the file management process that lets you track, log, secure, delegate, report on, and do many more things that involve taking care of your data and its distribution.

 

Field Encryption on the IBM i: Build or Buy?

Published on February 29, 2012 in Article

Well before the increase in security breaches we see today, IBM had been continually developing security features that protect the sensitive data on its platforms. One example is the release of two encryption APIs for the IBM i platform with operating system release level V5R3. These two APIs, named QC3ENCDT and Qc3EncryptData, gave developers the tools needed to encrypt their data at a field level, but very few companies had the understanding and resources to utilize them. Even with powerful technology available to protect sensitive data, the question to ask becomes: is it better to build an encryption solution or buy it?

Data security is increasingly becoming a critical and costly business issue that must be addressed in the applications and databases that run the operations of the business. What most of us don’t realize is how complex implementing data encryption really is. So let’s take a look at some of the issues surrounding the development of a viable encryption solution.

Learning Curve

The development team will need to come up to speed on all of the current laws and security regulations impacting the industry that they are involved in. Also, the IBM APIs have a steep learning curve and can be difficult to implement with all of the right settings.

Application/Database changes

Significant changes must be made to the existing applications and databases to accommodate the API functions. Field types need to be changed and field sizes expanded.

Key Management

The management of security keys often does not meet the stringent requirements set by regulating organizations such as PCI. Strong controls must also be in place to manage the roles of who creates and manages these encryption keys. Key values must be protected from unauthorized use, and security keys must be rotated, requiring all of the data to be re-encrypted.

Audit Trails

Security regulations require that an audit trail be kept on all changes to the security infrastructure. This is another application process that must be developed to meet the governing security regulations.

Programmer Resources

Internal programmers who are intimately involved in the development of this security solution can be a liability if they leave the company. It is also difficult to bring new programmers up to speed on the encryption requirements of the application.

Enterprise

An internally developed application often does not meet the needs of enterprise-level operations. This level of expertise takes teams of developers many years to achieve.

These issues highlight a few of the challenges that come with building an encryption solution in existing or new applications. The costs become prohibitive when compared to the costs of an already available solution from a third party developer such as Linoma Software. Linoma has an IBM i based product called Crypto Complete that addresses all of the issues reviewed in this article.

 

Managed FTP and Insurance

Published on February 1, 2012 in Article

Managing Risk

Insurance is all about managing risk. We identify, quantify and set prices based on the calculated costs of this risk. According to common sense, the higher the perceived risk, the costlier it will be to mitigate against the potential losses.  Or is it? Many in the insurance industry get so focused on the risk management cycle for clients that we forget to pay attention to risk mitigation in our own operation. Consider this adage from an unexpected source of wisdom, the Boy Scout Fieldbook manual.

An injury that doesn’t happen needs no treatment. An emergency that doesn’t occur requires no response. An illness that doesn’t develop demands no remedy. The best way to stay safe … is to avoid getting into trouble in the first place. That requires planning, training, leadership, good judgment, and accepting responsibility—in short, risk management.

Boy Scouts of  America, Fieldbook

Managing Data

The insurance industry collects data . . . and lots of it. The collection and analysis of this data becomes the basis upon which many critical decisions are made. It produces the competitive advantage to provide better policies, prices, and solutions to the market. Managing both historical and cutting-edge information becomes its lifeblood. If the data is the lifeblood, the astute management and protection of this data is the infrastructure of arteries and veins in and out of the heart to all of the appendages of the body that need the results of this data compilation.

Then this sensitive and private information is disseminated to various internal and external associates, customers, partners and collaborators. It is distributed through the most open network in the history of the world. The Internet. With this combination, what is the risk of a data breach? What are the costs of compromised data? What can be done to mitigate any potential losses? Any underwriter would tell a client that the risk is very high.

Heart, arteries and veins

Managed FTP

Back to the analogy of the lifeblood of the business. If the heart is the data center, then the arteries and veins are the methods of moving that data to and from your business partners.  Securing your data center is a common sense practice that any IT professional will put in place. Many do not, however, consider the significant risk in not securing the data transmission.  Many businesses overlook the critical aspect of securing the data in transit, in spite of seeing and hearing in the media about the many data breaches worldwide. This has become such a concern to the consumer, that in spite of most states having passed legislation requiring the protection of “data in motion” it has now become a Federal legislative concern.

The practice of managing FTP transactions is essential to mitigating the risks of data loss. The costs of implementing Managed FTP solutions are very minimal and provide tremendous flexibility in working with the requirements of all the various types of business partners as well as government regulations.  It makes extremely good sense to mitigate risk with a minimal cost of implementing a simple solution that protects the life blood of any business. Especially one based on risk management.

 

 

Managed File Transfer Should Be The Industry Norm To Minimise Business Risks

Published on January 30, 2012 in Article

 

This writer, Helen M Adams, is emphasizing the need for business to move forward to a managed file transfer solution for their file transactions. Businesses can no longer afford the risks of data loss, legal penalties, and damaged business trust when files are stolen or mishandled using the old file transfer protocol to send sensitive information across the internet.

Take a look to see what she says.

Managed File Transfer Should Be The Industry Norm To Minimise Business Risks.

Then let me know what you think.

 